168 Ransomware: a New Era of Digital Terrorism Richa Indu1 And

168 Ransomware: a New Era of Digital Terrorism Richa Indu1 And

Ransomware: A New Era of Digital Terrorism Richa Indu1 and Anuj Sharma2 Department of Computer Science and Engineering, Institue of Technology Roorkee-247667, Uttarakhand, India Abstract: This work entails the study of ten nasty ransomwares to reveal out the analytical similarities and differences among them, which will help in understanding the mindset of cyber crooks crawling over the dark net. It also reviews the traps used by ransomware for its distribution and side by side examining the new possibilities of its dispersal. It concludes by divulging inter-relationship between various distribution approaches adopted by ransomwares and some attentive measures to hinder the ransomware and supporting alertness as ultimate tool of defense at user’s hand. Indexing terms/Keywords: Ransomware, malwares, botnets, cryptography, web crawlers Date of Publication: 2018-08-30 Volume: 01 Issue: 02 Journal: Computer Reviews Journal Website: https://purkh.com This work is licensed under a Creative Commons Attribution 4.0 International License. 168 1. Introduction Computer and Internet is an inevitable partner of now a day’s routine life and has been emerged as one of the largest platforms for e-commerce, file sharing and infotainment. Commencing by late 1960s, Internet has beheld a lot of progress as a network of WANs, MANs, LANs connected with different kinds of topologies, switches, routers and other devices, where each has different security structures, requirements and the levels of protection also varies indiscriminately. In nutshell, from a small-centralized structure, Internet has turned into a widely distributed yet decentralized architecture [1]. However, depending on the conduct of its users every discovery or investigation has positive and negative aspects. Similarly, informational subset of Internet known as WWW also has its counterpart known as Dark Net, an encrypted place of get together of cyber-criminals and crooks, which is free from surveillance and its contents, can only be accessed with the help of special protocols, softwares and browsers, namely; TOR (The Onion Router), Freenet [2]. Such a protected environment is widely utilized by criminals and crooks for their illegal tasks, sharing disastrous ideas, hijacking or hacking websites, stealing sensitive information such as banking and associated details and to exploit the vulnerable peepholes in any internet-enabled device as computer for injecting the infection, disturbing its normal working and affecting stored information to earn money [3]. Accordingly, cybercriminals work behind the scene to harm the device that concludes as the loss of valuable information for the victim user. With advancement in technology, these cybercriminals also made progress and more expertize in concealing or sheathing their malware codes to safely dodge the hard to evade latest security solutions. Such a new generation of computer infection is referred to as ransomwares. Spreading the infection via multi-phase ransomware does not requires enough skills since it readily available on dark web in several thousand-dollar packages [4, 5]. Furthermore, there exists well-funded and organized groups behind the modelling of ransomware, operated and administered by different encrypted dark net zones. The criminals are so successful with their ransomwares because they continuously adapt new changes in technology into their ransomware and use them in more pace than others. For an instance, through the well-known phenomenon of social engineering and camouflaging these criminals are capable of befooling anyone by generating a real-seeming fake webpage or application, advertisement or e-mails. Most often, the security keeping agencies are interested in stopping such cybercrimes but not the criminals. In addition to it, use of Dynamic DNS for ransomware distribution and crypto-currencies for ransom payment make it further difficult to trace their exact location. Cherry on the icing (top) is the willingness of some victims either individual or organizations in paying ransom rather than handling the burden of back-logging for several months will also praise the criminal minds and thence success [6]. However, the above facts does not conclude that no cybercriminal have been arrested yet. It is a matter of praise that some of the crooks are now behind the bars and such operation shut downed their whole ransomware family [4]. Even then, some other skilled hackers take advantage of that operative code by making some improvements and modifications and then reuse it to start their illegal business. The actual problem is not ransomware itself, but it is the ignorance regarding ransomware and its unusual spread [7]. The strong defensive techniques and a bit of alertness, is sufficient to tackle the ransomwares and get rid of it. Today the extent up to which the Internet and Computers are involved in our lives, security is always on risk due to unawareness and low protection measures. That day is not so far when a car, a mobile phone, a Television set or any other internet enabled smart gadget will not start and shows DDoS (Distributed Denial of Service) error or ask for ransom because they are hacked by someone and one have to pay ransom in order to get access to them [8]. Organization of this paper consisits of the journey of ransomware in sec. 2, new age of ransomwares in sec. 3, the view point in sec. 4 followed by the new saftey era in sec. 5. 169 2. JOURNEY OF RANSOMWARE 2.1 EVOLUTION OF MALWARE In primordial format, designing a malware is only for excavating the vulnerabilities of a computer. In basic terms, malware is any malicious or mischievous software with a raffish of hacking, stealing and spying the sensitive information as well as disturbing the normal functionalities of entire system. Malware collectively includes viruses, Trojans, spywares, ransomwares, logic bombs, adware, rootkits and many more [9-11] as illustrated in figure 2.1. The first malware designed to reveal out insecurity on a PC is Brain. A, developed by Basit and Amjad of Pakistan that begins with infecting the boot sectors of a floppy diskette. Later on this infecting technique progressed towards rewriting, scrambling, or deleting File Tables on PC [10]. Gradually malwares initiated the use of mutation and polymorphism for increasing its potential against built-in security measures [5]. The first VIRUS exists even years before the commercialization of Internet in around late 1980s or in beginning of 1990s [1]. The first ever virus named as Creeper designed by Bob Thomas employed in BBN Technologies Lab was detected in 1971[11]. Creeper has no such coding that it perform any malicious task but merely replicates itself throughout ARPANET to broadcast the following message- “I’m the Creeper, Catch me if you can!” To do so it exploits the vulnerability of DEC PDP-10 computer, the first time-sharing system specially meant for ARPANET that runs on TENEX Operating System. Later detection revealed that Creeper was a worm not a virus and an antivirus called Reaper was developed to stop it from further telecasting/displaying the messages [11]. Beginning from replication, Viruses moved to infect boot sectors by rewriting them, destroying File Allocation Table (FAT) and finally infecting Master Boot Record (MBR). For further troubling windows Operating System, virus initiates by infecting Portable Eexecutable (PE) files and developing an ability of suiciding. Viruses have leveraged as well as affected a number of ultilities in windows such as macros in microsoft office, e-mails, win 32 active programming interfaces, screensaver files and many more. The advanced variant of polymorphic viruses are capbale enough of evading auto-detection via anti-virus tools. In this journey hundreds of thousand viruses globally infected various systems but now a days, stealth viruses are prevalent. 170 Fig 2.1 Family of Malwares Worms has their built-in scanning algorithm that analyzes the network address to exploit any vulnerability on the device connected to IP address. Additionally, worms have a higher competence of defending against security solutions. The first worm ‘Morris’ showed its existence in 1988 accidently, which flooded the network with traffic and crashed the Internet. Some known targeted vulnerabilities exploited by worms were Microsoft SQL Server, Data Engine, Visio, Visual Studio .NET, Damage cleanup server (Trend Micro), etc.[10]. Moreover, worms are also infused with capabilities of traffic redirection, employing backdoors etc. as illustrated in figure 2.2. Fig 2.2 Span of Worms Rootkits, either user mode or kernel mode, both intend to modify OS by holding system resources and keeping itself hidden to avoid detection. Rootkits have another capability of creating a botnet comprising of only victimized machines and take advantage of that botnet for further spreading other kind of infections as illustrated in figure 2.3. Fig 2.3 Functionalities of Rootkits Mebroot (2008) is such rootkit that looks for security fissures of web browser to spread infections. It even appoints spying tools, which communicates with hacker to steal whatever victim types [10-11]. As an improvement, it reverts error codes or bugs to its developer to promote fixing as well as debugging. Another well-known malware family member is Trojan, which describes the legitimate look like inactive program that remains dormant inside a system until a triggering event occurs to promote its disastrous 171 functionalities. Bundling of the most probably found spywares is not new, whether it is on cyberspace or in real world. This secret agent takes away secrets of end-user either from web-browser (Internet) or on the Personal Computer. Adware are similar to malicious advertisements that are spoofed as legitimate ads on web pages. An adware can be injected on the website by compromising it. A click to see the tempting advertisement leads to the execution of adware, which holds a malicious payload that executes with the installation of an adware from the web or downloaded software. Usually the adware disturbs the functioning of a computer by opening a cascade of windows, which itself acts as an injector of another kind of malware [5,6].

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    59 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us